diff --git a/.github/OSBotify-private-key.asc.gpg b/.github/OSBotify-private-key.asc.gpg deleted file mode 100644 index 03f06222..00000000 Binary files a/.github/OSBotify-private-key.asc.gpg and /dev/null differ diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 8efb37be..d31399ec 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -1,77 +1,18 @@ name: Publish package to npmjs -# This workflow runs when code is pushed to `main` (i.e: when a pull request is merged) on: push: branches: [main] -# Ensure that only once instance of this workflow executes at a time. +# Ensure that only one instance of this workflow executes at a time. # If multiple PRs are merged in quick succession, there will only ever be one publish workflow running and one pending. concurrency: ${{ github.workflow }} jobs: - version: - runs-on: ubuntu-latest - - # OSBotify will update the version on `main`, so this check is important to prevent an infinite loop - if: ${{ github.actor != 'OSBotify' }} - - steps: - - uses: actions/checkout@v4 - with: - ref: main - # The OS_BOTIFY_COMMIT_TOKEN is a personal access token tied to osbotify, which allows him to push to protected branches - token: ${{ secrets.OS_BOTIFY_COMMIT_TOKEN }} - - - name: Decrypt & Import OSBotify GPG key - run: | - cd .github - gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" --output OSBotify-private-key.asc OSBotify-private-key.asc.gpg - gpg --import OSBotify-private-key.asc - env: - LARGE_SECRET_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} - - - name: Set up git for OSBotify - run: | - git config --global user.signingkey AEE1036472A782AB - git config --global commit.gpgsign true - git config --global user.name OSBotify - git config --global user.email infra+osbotify@expensify.com - - - uses: actions/setup-node@v4 - with: - node-version-file: '.nvmrc' - registry-url: 'https://registry.npmjs.org' - - - name: Install npm packages - run: npm ci - - - name: Update npm version - run: npm version patch - - - name: Set new version in GitHub ENV - run: echo "NEW_VERSION=$(jq '.version' package.json)" >> $GITHUB_ENV - - - name: Push branch and publish tags - run: git push origin main && git push --tags - - - name: Build package - run: npm run build - - - name: Publish to npm - run: npm publish - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - - - name: Get merged pull request - id: getMergedPullRequest - run: | - read -r number < <(gh pr list --search ${{ github.sha }} --state merged --json 'number' | jq -r '.[0] | [.number] | join(" ")') - echo "number=$number" >> "$GITHUB_OUTPUT" - env: - GITHUB_TOKEN: ${{ github.token }} - - - name: Comment on merged pull request - run: gh pr comment ${{ steps.getMergedPullRequest.outputs.number }} --body "🚀Published to npm in v${{ env.NEW_VERSION }}" - env: - GITHUB_TOKEN: ${{ github.token }} + publish: + # os-botify[bot] will update the version on `main`, so this check is important to prevent an infinite loop + if: ${{ github.actor != 'os-botify[bot]' }} + uses: Expensify/GitHub-Actions/.github/workflows/npmPublish.yml@main + secrets: inherit + with: + should_run_build: true diff --git a/.gitignore b/.gitignore index 78c6fc53..375853db 100644 --- a/.gitignore +++ b/.gitignore @@ -7,8 +7,5 @@ package.json-e *.swp dist -# Decrypted private key we do not want to commit -.github/OSBotify-private-key.asc - # Published package *.tgz